Over 1000 androids have been accused of going passed Google’ restriction measures to access your phone information along with your location data even after you have denied them permission, according to a recent study that was carried out.
Some of the android applications that were guilty of the said practice included Shutterfly and Hong Kong Disney. They collected location based data without the permission of the user and had access to phone IDs that may have been stored by some other apps without due protection on a smartphone’ SD card, even though Disney may have been totally oblivious to the whole practice.
The study equally reveals that the number of users affected by this unruly practice numbers in their millions. With this type of practice, unscrupulous developers only gain access to data that are private to users without taking their consent into consideration, thereby making room for ethical and legal concerns.
Some impeccable sources have revealed that Google has expressed real concerns over the issue and have decided to make it a little difficult for apps to pull such stunts with the coming Android 10Q, although no one knows for sure what part of the user flexibility triangle will be sacrificed to make this a reality. However, until that happens you have to be sceptical about how these apps respect Google privacy’ Terms and Conditions, and ensure you turn off your ID and location permissions for any application that should not be using them, as well as deleting apps that you know you are not using regularly.
Apps have a way of backstabbing the permission framework and gaining access to your most sensitive data in the absence the necessary user permission by implementing side and covert channels, as stated by a recent study that was published online.
While side channels make it impossible for apps to be regulated by the Android permission model, covert channels are employed when other apps that have access to user data share those contents with rogue apps that are not meant to be granted such permissions.
For instance, Salmonads and Baidu are two renowned names in China when it comes to tech companies. These companies allow their apps to write important data to users’ smartphone SD card just so other of their applications could make use of such information. Are these violations about Chinese companies alone? A Unity gaming engine that was put together by a company in San Francisco was equally guilty of sending the MAC addresses of phones to their servers whether they were granted permission or not.
After a conclusive survey was conducted for over 88000 android applications, it became obvious that over 1300 apps implemented either of these unscrupulous methods for accessing user data. Some applications stole location data by grabbing GPS coordinates, yet ended up accessing important details such as Wi-Fi network MAC addresses, which actually revealed where the users of such smartphones were actually located.
These unscrupulous apps equally accessed confidential things like emails, phone numbers, Wi-Fi network names, as well as SIM card IDs. It is possible that these apps are only doing this so their advert friends can pay higher for their services, since marketers are very much interested in your location as that could have a bearing on what they are selling; but those data can also be used for wrong purposes.
These discoveries and revelations have been like a clarion call to Google as well as organizations such as Trade Service Commission, with the hope that due investigation will be carried out and actions taken accordingly to stern the tide.